Asuswrt-Merlin 3.0.0.4.372.31 is out

[2000wolf]

For someone with an RT-N66U who doesn't use AI Cloud or Open VPN and is still on 3.0.0.4.270.26, what is the value for moving to 3.0.0.372.31? Is there a compelling feature or fix that makes the trouble of re-entering DHCP reservations and MAC filtering worthwhile?

I'm still on ...30_2. I don't know why but according inSSIDer 3 it provides a far better Link Score than ...26

 

[Funroc]

You can't use port 443 - that's used by AiCloud. Your OpenVPN server is conflicting with AiCloud.

Hi Merlin,

I've got the same problem than Richard Nixon, please see my settings below.
I come back from 29 beta version and i'm on port 53.
My Openvpn is thru Hidemyass.

Funroc

 

[RMerlin]

Hi Merlin,

I've got the same problem than Richard Nixon, please see my settings below.
I come back from 29 beta version and i'm on port 53.
My Openvpn is thru Hidemyass.

Richard is talking about a server configuration, while you are talking about a client - totally different situation.

What do you see in the System Log?

 

[Funroc]

Richard is talking about a server configuration, while you are talking about a client - totally different situation.

What do you see in the System Log?

Jan 1 01:00:10 WAN Connection: ISP's DHCP did not function properly.
Jan 1 01:00:10 RT-AC66U: start httpd
Jan 1 01:00:10 crond[303]: crond: crond (busybox 1.20.2) started, log level 8
Jan 1 01:00:15 disk monitor: be idle
Jan 1 01:00:16 kernel: br0: port 1(vlan1) entering disabled state
Jan 1 01:00:16 kernel: vlan1: dev_set_promiscuity(master, 1)
Jan 1 01:00:16 kernel: br0: port 1(vlan1) entering listening state
Jan 1 01:00:16 kernel: br0: port 1(vlan1) entering learning state
Jan 1 01:00:16 kernel: br0: topology change detected, propagating
Jan 1 01:00:16 kernel: br0: port 1(vlan1) entering forwarding state
Jan 1 01:00:16 dnsmasq-dhcp[291]: DHCPREQUEST(br0) 192.168.1.100 00:1e:0b:ef:50:78
Jan 1 01:00:16 dnsmasq-dhcp[291]: DHCPACK(br0) 192.168.1.100 00:1e:0b:ef:50:78 HPEF5078
Jan 1 01:00:17 dnsmasq[291]: read /etc/hosts - 5 addresses
Jan 1 01:00:17 dnsmasq[291]: read /etc/hosts.dnsmasq - 8 addresses
Jan 1 01:00:17 dnsmasq-dhcp[291]: read /etc/ethers - 9 addresses
Jan 1 01:00:17 dnsmasq[291]: using nameserver 8.8.4.4#53
Jan 1 01:00:17 dnsmasq[291]: using nameserver 8.8.8.8#53
Jan 1 01:00:17 dnsmasq[291]: read /etc/hosts - 5 addresses
Jan 1 01:00:17 dnsmasq[291]: read /etc/hosts.dnsmasq - 8 addresses
Jan 1 01:00:17 dnsmasq-dhcp[291]: read /etc/ethers - 9 addresses
Jan 1 01:00:17 dnsmasq[291]: using nameserver 8.8.4.4#53
Jan 1 01:00:17 dnsmasq[291]: using nameserver 8.8.8.8#53
Jan 1 01:00:17 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth0_eth0)!
Jan 1 01:00:17 dnsmasq[291]: exiting on receipt of SIGTERM
Jan 1 01:00:17 dnsmasq[360]: started, version 2.65 cachesize 1500
Jan 1 01:00:17 dnsmasq[360]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack
Jan 1 01:00:17 dnsmasq[360]: asynchronous logging enabled, queue limit is 5 messages
Jan 1 01:00:17 dnsmasq-dhcp[360]: DHCP, IP range 192.168.1.2 -- 192.168.1.254, lease time 1d
Jan 1 01:00:17 dnsmasq[360]: read /etc/hosts - 5 addresses
Jan 1 01:00:17 dnsmasq[360]: read /etc/hosts.dnsmasq - 8 addresses
Jan 1 01:00:17 dnsmasq-dhcp[360]: read /etc/ethers - 9 addresses
Jan 1 01:00:17 dnsmasq[360]: using nameserver 8.8.4.4#53
Jan 1 01:00:17 dnsmasq[360]: using nameserver 8.8.8.8#53
Jan 1 01:00:18 kernel: nf_conntrack_rtsp v0.6.21 loading
Jan 1 01:00:18 kernel: nf_nat_rtsp v0.6.21 loading
Jan 1 01:00:18 rc_service: udhcpc 342:notify_rc stop_upnp
Jan 1 01:00:18 rc_service: udhcpc 342:notify_rc start_upnp
Jan 1 01:00:18 miniupnpd[395]: HTTP listening on port 36696
Jan 1 01:00:18 miniupnpd[395]: Listening for NAT-PMP traffic on port 5351
Jan 1 01:00:20 WAN Connection: WAN was restored.
Jan 1 01:00:28 dnsmasq-dhcp[360]: DHCPREQUEST(br0) 192.168.1.102 00:27:10:b1:d7:40
Jan 1 01:00:28 dnsmasq-dhcp[360]: DHCPACK(br0) 192.168.1.102 00:27:10:b1:d7:40 FRANCK-PC
Jan 1 01:00:28 rc_service: udhcpc 342:notify_rc start_vpnclient1
Jan 1 01:00:28 rc_service: udhcpc 342:notify_rc start_vpnclient2
Jan 1 01:00:28 rc_service: start_vpnclient2 is waitting start_vpnclient1...
Jan 1 01:00:28 kernel: tun: Universal TUN/TAP device driver, 1.6
Jan 1 01:00:28 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Jan 1 01:00:30 openvpn[403]: OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 24 2013
Jan 1 01:00:30 openvpn[403]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan 1 01:00:30 openvpn[403]: Socket Buffers: R=[116736->131072] S=[116736->131072]
Jan 1 01:00:30 openvpn[408]: UDPv4 link local: [undef]
Jan 1 01:00:30 openvpn[408]: UDPv4 link remote: [AF_INET]62.233.34.2:53
Jan 1 01:00:30 openvpn[408]: TLS: Initial packet from [AF_INET]62.233.34.2:53, sid=d7813d0d 1fc99432
Jan 1 01:00:30 openvpn[408]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 1 01:00:31 dnsmasq-dhcp[360]: DHCPINFORM(br0) 192.168.1.102 00:27:10:b1:d7:40
Jan 1 01:00:31 dnsmasq-dhcp[360]: DHCPACK(br0) 192.168.1.102 00:27:10:b1:d7:40 FRANCK-PC
Jan 1 01:00:31 openvpn[408]: VERIFY OK: depth=1, C=UK, ST=NR, L=Attleborough, O=Hide My butt! Pro, OU=VPN, CN=vpn.hidemyass.com, emailAddress=ca@hidemyass.com
Jan 1 01:00:31 openvpn[408]: VERIFY OK: nsCertType=SERVER
Jan 1 01:00:31 openvpn[408]: VERIFY OK: depth=0, C=UK, ST=NR, L=Attleborough, O=Hide My butt! Pro, OU=VPN, CN=server, emailAddress=vpn@hidemyass.com
Jan 1 01:00:32 openvpn[408]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 1 01:00:32 openvpn[408]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 1 01:00:32 openvpn[408]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 1 01:00:32 openvpn[408]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 1 01:00:32 openvpn[408]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jan 1 01:00:32 openvpn[408]: [server] Peer Connection Initiated with [AF_INET]62.233.34.2:53
Jan 1 01:00:34 openvpn[408]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Jan 1 01:00:34 openvpn[408]: PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.200.4.1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,ping 10,ping-restart 90,redirect-gateway def1,ifconfig 10.200.5.2 255.255.252.0'
Jan 1 01:00:34 openvpn[408]: OPTIONS IMPORT: timers and/or timeouts modified
Jan 1 01:00:34 openvpn[408]: OPTIONS IMPORT: --ifconfig/up options modified
Jan 1 01:00:34 openvpn[408]: OPTIONS IMPORT: route options modified
Jan 1 01:00:34 openvpn[408]: OPTIONS IMPORT: route-related options modified
Jan 1 01:00:34 openvpn[408]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jan 1 01:00:34 openvpn[408]: TUN/TAP device tun11 opened
Jan 1 01:00:34 openvpn[408]: TUN/TAP TX queue length set to 100
Jan 1 01:00:34 openvpn[408]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Jan 1 01:00:34 openvpn[408]: /sbin/ifconfig tun11 10.200.5.2 netmask 255.255.252.0 mtu 1500 broadcast 10.200.7.255
Jan 1 01:00:34 openvpn[408]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.200.4.1
Jan 1 01:00:34 openvpn[408]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.200.4.1
Jan 1 01:00:34 openvpn[408]: Initialization Sequence Completed
Jan 1 01:00:43 rc_service: skip the event: start_vpnclient2.
Jan 1 01:00:44 rc_service: udhcpc 342:notify_rc stop_ntpc
Jan 1 01:00:44 rc_service: stop_ntpc is waitting start_vpnclient1...
Jan 1 01:00:59 rc_service: skip the event: stop_ntpc.
Jan 1 01:00:59 rc_service: udhcpc 342:notify_rc start_ntpc
Jan 1 01:00:59 rc_service: start_ntpc is waitting start_vpnclient1...
Jan 1 01:01:14 rc_service: skip the event: start_ntpc.
Jan 1 01:01:14 dhcp client: bound 192.168.0.70 via 192.168.0.1 during 86400 seconds.

I copied and past after the reboot. Internet is ok but it doesn't work. Able to ping.
Next i turn off the vpn , reboot and it works.

Re-encrypte the key crash the router !!!

It is the same config than with the 29beta

Funroc

 

[RichardNixon]

OpenVPN problem with .31

You can't use port 443 - that's used by AiCloud. Your OpenVPN server is conflicting with AiCloud.

I have previously used 443 in .28 and below and I don't use AI cloud ( I have shut off AI CLoud). I have also tried other ports such as 8080 Has something changed in .31? I can't even "apply" the key pages before Iturn on the server, why is that



I will retry another port and send you the syslog later today. I will also change the AICloud port in my next try.

Thank you so much.

RN

 

[mikeg]

Upgrade from Asus f/w V. 3.0.0.4.372 to Merlin 4.372.31_0

So I updated the f/w on my Asus RT-AC66U from Asus to Merlins and everything looked ok. After about 2 hours I lost my wireless connection on the 5 GHz band and could not connect to anything on the internet , the router did not answer. I had to restart my laptop to be able to connect to a different wireless , my back-up Asus RT-N66U. I noticed the Broadcom wireless driver was the same version on both f/w:s 6.30.102.9 (r3667174). Now I have powered off the AC66U and will have it like that over the night. It looks like I have to read about the DD-WRT f/w and install that instead. I have had the "luck" that my faithful Dell Inspiron 1720 crashed so I bought a new Asus G75V with a built in wireless card , Broadcom 802.11ac network adapter. I got a TX/RX speed of
866 / 468 Mbps with a signal strength of -41 dBm while I was connected on
the AC66U on the 5 GHz band.
I would really like to get this AC66U working sometime in the near future....l

 

[ciobster]

For those having trouble setting the channel on their RT-N66U, I just tested various channels, with channel width set to 20, 20/40, 40 only, and every time the router properly switched to the channel I specified (confirmed using Wifi Analyzer on my N7). Those having issues, please try a different browser to see if it works any better. I tested using Google Chrome.

Also try reverting back to factory defaults if you were using 354 before - there might be some nvram settings left from 354's driver that could be causing issues. Make a backup of your settings first so if it doesn't fix your problem, you can go back to your previous configuration. If it does resolve your issue however, then you will have to reconfigure your router.

Sorry about that, but this is the price to pay for the Frankenbuild that is required to have the latest FW code working with the older wireless driver.

Upgraded from 26b to 372.31 erasing nvram and restored factory defaults.
On 2.4 Ghz with 20 Mhz only you can set whatever channel you want and it stays that way. The channel is visible on the router GUI and on any other wifi scanner (Xirrus, inSSIDer...) .
On 2.4 Ghz with 20/40 Mhz you can set whatever channel you want and it stays that way. The channel is visible on the router GUI and on any other wifi scanner (Xirrus, inSSIDer...) . No matter the device used to connect to the network, the 2ndarry channel doesn't get up.
On 2.4 Ghz with 40 Mhz you can set whatever channel you want and it stays that way only on the GUI. If you scan the area with any of the scanners (Xirrus, inSSIDer...) it looks like the router reverts to channel 1, no matter the channel choice you make in the GUI. No matter the device used to connect to the network, the max speed is 144 Mbps...

Reverting to any other previous builds everything works like it should.
On the other hand the best build for me remains 26b. I had months of uptime without touching the router. Since upgrading to recent builds i noticed a significant drop in wifi performance (range, throughput, signal noise...) when no other neighbor interference was noticed.

Many thanks for the hard work you put supporting these products for us the hungry consumers.

Cheers

 

[RMerlin]

Jan 1 01:00:28 rc_service: udhcpc 342:notify_rc start_vpnclient1
Jan 1 01:00:28 rc_service: udhcpc 342:notify_rc start_vpnclient2
Jan 1 01:00:28 rc_service: start_vpnclient2 is waitting start_vpnclient1...

Any reason why you are trying to start two vpnclients at the same time? I'm not sure this could work properly, unless you had some manually defined routes in both cases.

 

[tuxing]

Thanks merlin for the excellent firmware

Have been using merlins dualwan firmwares on asus rt-n16 since 2 weeks. The router has been rock stable and dual wan works perfectly. Thanks merlin for the firmware.

some details about my RT-N16 dual wan config
wan1 is a pppoe connection
wan2 lan port4 with automatic ip
dual wan is set to load balance mode and routing tables are enabled for dual wan. i have separately configured which connection each device should use in the dual wan page.

i have a very trivial issue.
Services(ping,ntp,ddns etc) on RT-N16(ip being 192.168.3.1) are unable to reach the internet with dual wan enabled.
so i tried adding router ip 192.168.3.1 to dual wan routing table. it works somewhat.
i am able to allow internet connection for router services by routing 192.168.3.1 to my secondary wan. but routing connection to primary wan - pppoe connection wont enable internet for router services.
as i told earlier its only a trivial matter and its solved for me , but just wanted to bring this to the notice of the developer.

just to highlight how great a dualwan router the rt-n16 is - Had been earlier using dualwan tomato firmware from dualwan.cn on my rt-n16 since about 2 years. Dual wan had been rock stable and reliable on this tomato firmware too , but updates to the firmware has stopped.

Thanks merlin again for the dualwan firmware.

 

[oric1]

If your issue is reentering DHCP reservations and MAC filters, you might be able to speed this up by saving the output of this command:

nvram show|egrep ^\(dhcp_static\|macfilter\)

and using nvram set after upgrading to put the values back.

Hi VinceV,

Before resetting to factory default, let say I extracted my DHCP list via Tools > Run Cmd > Refresh:

nvram show|egrep ^\(dhcp_static\)

dhcp_staticlist=<00:11:32:16:XX:XX>192.168.1.140>S ynology NAS<1C:6F:65:36:YY:YY>192.168.1.141>Samsung TV<74:A0:2B:3C:ZZ:ZZ>192.168.1.142>Canon Printer
dhcp_static_x=1

So how do I put the values back after upgrading using nvram set?

Do I do it via Tools > Run Cmd > Refresh? Could you show me the correct way to do it, please.

Thanks

 

[Funroc]

Any reason why you are trying to start two vpnclients at the same time? I'm not sure this could work properly, unless you had some manually defined routes in both cases.

Yes, but i didn't re-start 2 Vpn.

1 re-encrypt the key
2 Crash the router
3 Re-boot
4 If i turn on the client 1, it goes on and lose the connection

Something doesn't work. And it worked well before.

 

[wrx28]

RichardNixon wrote - I tried resaving the keys by selecting applied. The keys would not save. The RTAC66U just said "processing" for over 5 minutes before I rebooted.

I had a similar problem on an RT-N66U, upgrading from 270.26b, took me a while to find the problem but easy really, when you enter the server certificate only paste the details between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and not any of the text before 'begin certificate'. It then all worked for me and I could start the vpn. Include both -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- when you paste.

Steve

 

[Flying Dutchman]

Hi,
Since I use version 31 the RT-N66U is using channel 1 (on 2.4 GHz) all the time, independent from the setting.

I programmed channel 8 but it is actually using channel 1 ...... .

BR/Bernd

Added: I now read more posts about the channel problem.
I am back to version 30_3 ..... .

 

[VinceV]

Hi VinceV,

Before resetting to factory default, let say I extracted my DHCP list via Tools > Run Cmd > Refresh:

nvram show|egrep ^\(dhcp_static\)

dhcp_staticlist=<00:11:32:16:XX:XX>192.168.1.140>S ynology NAS<1C:6F:65:36:YY:YY>192.168.1.141>Samsung TV<74:A0:2B:3C:ZZ:ZZ>192.168.1.142>Canon Printer
dhcp_static_x=1

So how do I put the values back after upgrading using nvram set?

Do I do it via Tools > Run Cmd > Refresh? Could you show me the correct way to do it, please.

Thanks

This should do the trick:

nvram set "dhcp_staticlist=<00:11:32:16:XX:XX>192.168.1.140>Synology NAS<1C:6F:65:36:YY:YY>192.168.1.141>Samsung TV<74:A0:2B:3C:ZZ:ZZ>192.168.1.142>Canon Printer"
nvram set "dhcp_static_x=1"

 

[RMerlin]

Yes, but i didn't re-start 2 Vpn.

1 re-encrypt the key
2 Crash the router
3 Re-boot
4 If i turn on the client 1, it goes on and lose the connection

Something doesn't work. And it worked well before.

Your log shows that you have both vpnclient1 and 2 enabled. Start by checking vpnclient2 to make sure it's not enabled.

 

[Funroc]

Your log shows that you have both vpnclient1 and 2 enabled. Start by checking vpnclient2 to make sure it's not enabled.

Turn on one client enable the both ??
Re-encrypte key 1 or Key 2 cause a crash

I remember i had a problem with the client 2 on the 29b, i've just moved the server location each month on client 1

Funroc

 

[RMerlin]

Turn on one client enable the both ??
Re-encrypte key 1 or Key 2 cause a crash

I remember i had a problem with the client 2 on the 29b, i've just moved the server location each month on client 1

Funroc

You probably still have "Start with Wan" set to "Yes" on Client 2.

 

[RichardNixon]

I had a similar problem on an RT-N66U, upgrading from 270.26b, took me a while to find the problem but easy really, when you enter the server certificate only paste the details between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and not any of the text before 'begin certificate'. It then all worked for me and I could start the vpn. Include both -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- when you paste.

Steve

I found a CR and space after -----END CERTIFICATE-----. I removed the CR and space and hit Apply the router responded with and infinite loop of processing, the router still worked by the routers web server did not. I had to shut it down and start it up again.

I then tried to delete all the keys and the same thing happened.
I had also changed the port to 80.

BTW I could not load .28beta or .26. I had to use the rescue utility to make the downgrade
Merlin any suggestions?

 

[cmoskowitz]

ok Merlin, I wiped the nvram, installed .372.31 and played around and finally I got the openvpn settings to stick. It didn't like my server cert or ca auth, but after copying pasting, removing spaces I got it going. Also Tap works too though I use the tunnel int. I am however having another issue where I can connect to the open vpn but I can't ping or access anything on my router. I didn't change any of the fw settings, this is all vanilla, not sure where to start. Right now I'm using PPTP.

**Issue resolved*** Misconfigured compression setting.

Merlin A ok from this end.

 

[Funroc]

You probably still have "Start with Wan" set to "Yes" on Client 2.

1- Start with wan client 2 turned off
2- Start with wan client 1 turned off
3- Client 1 turned on
4- Internet doesn't work
5- Not able now to turn off the client 1
6- Re-encrypt the key
7- Crash
8- Reboot
9- client 2 off and client 1 off

Many space have been introduce in the key files. I tried to copy and paste once again, but a refresh on key client cause a crash.